vendor: update buildkit to 0e3037c0182e

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2025-07-10 13:37:08 +08:00 · 2025-02-10 16:48:59 -08:00
parent c8c9c72ca6
commit f11496448a
49 changed files with 2005 additions and 1377 deletions
--- a/vendor/github.com/moby/buildkit/session/auth/authprovider/authprovider.go
+++ b/vendor/github.com/moby/buildkit/session/auth/authprovider/authprovider.go
@ -38,18 +38,43 @@ const (
 	dockerHubRegistryHost  = "registry-1.docker.io"
 )

-func NewDockerAuthProvider(cfg *configfile.ConfigFile, tlsConfigs map[string]*AuthTLSConfig) session.Attachable {
+type DockerAuthProviderConfig struct {
+	// ConfigFile is the docker config file
+	ConfigFile *configfile.ConfigFile
+	// TLSConfigs is a map of host to TLS config
+	TLSConfigs map[string]*AuthTLSConfig
+	// ExpireCachedAuth is a function that returns true auth config should be refreshed
+	// instead of using a pre-cached result.
+	// If nil then the cached result will expire after 10 minutes.
+	// The function is called with the time the cached auth config was created
+	// and the server URL the auth config is for.
+	ExpireCachedAuth func(created time.Time, serverURL string) bool
+}
+
+type authConfigCacheEntry struct {
+	Created time.Time
+	Auth    *types.AuthConfig
+}
+
+func NewDockerAuthProvider(cfg DockerAuthProviderConfig) session.Attachable {
+	if cfg.ExpireCachedAuth == nil {
+		cfg.ExpireCachedAuth = func(created time.Time, _ string) bool {
+			return time.Since(created) > 10*time.Minute
+		}
+	}
 	return &authProvider{
-		authConfigCache: map[string]*types.AuthConfig{},
-		config:          cfg,
+		authConfigCache: map[string]authConfigCacheEntry{},
+		expireAc:        cfg.ExpireCachedAuth,
+		config:          cfg.ConfigFile,
 		seeds:           &tokenSeeds{dir: config.Dir()},
 		loggerCache:     map[string]struct{}{},
-		tlsConfigs:      tlsConfigs,
+		tlsConfigs:      cfg.TLSConfigs,
 	}
 }

 type authProvider struct {
-	authConfigCache map[string]*types.AuthConfig
+	authConfigCache map[string]authConfigCacheEntry
+	expireAc        func(time.Time, string) bool
 	config          *configfile.ConfigFile
 	seeds           *tokenSeeds
 	logger          progresswriter.Logger
@ -247,17 +272,25 @@ func (ap *authProvider) getAuthConfig(ctx context.Context, host string) (*types.
 		host = dockerHubConfigfileKey
 	}

-	if _, exists := ap.authConfigCache[host]; !exists {
-		span, _ := tracing.StartSpan(ctx, fmt.Sprintf("load credentials for %s", host))
-		ac, err := ap.config.GetAuthConfig(host)
-		tracing.FinishWithError(span, err)
-		if err != nil {
-			return nil, err
-		}
-		ap.authConfigCache[host] = &ac
+	entry, exists := ap.authConfigCache[host]
+	if exists && !ap.expireAc(entry.Created, host) {
+		return entry.Auth, nil
 	}

-	return ap.authConfigCache[host], nil
+	span, _ := tracing.StartSpan(ctx, fmt.Sprintf("load credentials for %s", host))
+	ac, err := ap.config.GetAuthConfig(host)
+	tracing.FinishWithError(span, err)
+	if err != nil {
+		return nil, err
+	}
+	entry = authConfigCacheEntry{
+		Created: time.Now(),
+		Auth:    &ac,
+	}
+
+	ap.authConfigCache[host] = entry
+
+	return entry.Auth, nil
 }

 func (ap *authProvider) getAuthorityKey(ctx context.Context, host string, salt []byte) (ed25519.PrivateKey, error) {